[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do we really need to worry about viruses (was Re: Anyone else notice that Swen is slowing down?)

Ron Johnson <ron.l.johnson@cox.net> [2003:10:02:04:44:28-0500] scribed:
> On Wed, 2003-10-01 at 23:17, ScruLoose wrote:
> > On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
> > > "Karsten M. Self" <kmself@ix.netcom.com> [2003:10:02:00:37:35+0100] scribed:
> [snip]
> > > That kind of executable -- one that entices a user to click on it -- is
> > > just as real a threat to non-Microsoft userland, that I insist that your
> > > point is not all inclusive of the threats at hand.  Simply because there
> > > is not yet a major, far reaching virus/worm propagating primarily from
> > > Linux boxen, does not rule out the existence of a threat . . .
> > 
> > Most non-MS users are not likely to be logged in as root when they
> > check the mail, so whether some virus auto-executes or entices them to
> > click on it, the damage is generally going to be pretty well contained.
> > 
> > It's going to take a _hell_ of a lot of social engineering to convince
> > me to su, provide my root password, install and run some program that
> > showed up in my inbox. No matter how pretty a message it's packaged
> > in. Even assuming that the user getting the infected mail _has_ the
> > root password.
<snip />

> Given the security model of Unix, we truly do *not* have to worry
> about email viruses (or viruses coming through click-thru social-
> engineering vectors).
<snip />


In fact, just this week, I am engaged with a prominent software
development company, and every one of the developers develops on
various Linux boxen, and every one of them insists on running as root.

I also help support several neighborhood *nix users, and most of them
are equally recalcitrant root account users.

Yes, this is the debian-users mailing list; but, we are 31337 Linux
users, and we support standards and best practices.  We do not qualify,
for the most part, as Joe-Average users -- and, we probably never will.

Take a long, hard look at the real world *before* you knee-jerk a
response to this post.  IMHO, the view you will see is not far off of
the mark I have just made . . .

Best Regards,

mds resource
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .

Attachment: pgpMrpHiczkhL.pgp
Description: PGP signature

Reply to: